RV220W Access Rules Failing - Requests Answered By Firewall
I have setup my RV220W with NAT rules and access policies to accept HTTPS and SSH requests on a web server. When I set the policies up the site works fine for a while and then the firewall itself begins to answer the requests instead of forwarding them onto the web server.
Firewall WAN IP: xxx.xxx.xxx.218
Subnet Mask: 255.255.255.248
I have a one to one NAT policy set up this way:
Private Range Begin: xxx.xxx.xxx.32
Public Range Begin: xxx.xxx.xxx.219
Range Length: 1 Service: ANY
ACL:
Connection Type: Inbound > LAN
Action: Always Allow
Service: HTTPS
Source IP: Any
DNAT IP: xxx.xxx.xxx.32
WAN IP Address: xxx.xxx.xxx.219
When I make a request to the site the Firewall WAN IP(xxx.xxx.xxx.218) will respond to the request instead of the web server IP (xxx.xxx.xxx.219).
I need help with this, please.
Update - I managed to get the firewall to pass the HTTPS requests by changing the remote management port to 60443 and changing the NAT rule from ANY to HTTP and adding access policies for the other ports. The problem now is that the firewall is not always passing SSH traffic.
Intermittently the firewall accepts the SSH traffic intended to go to the xxx.xxx.xxx.219 on xxx.xxx.xxx.218.
NAT:
Private Range Begin: xxx.xxx.xxx.32
Public Range Begin: xxx.xxx.xxx.219
Range Length: 1 Service: HTTP
ACL:
Connection Type: Inbound > LAN
Action: Always Allow
Service: HTTPS
Source IP: Any
DNAT IP: xxx.xxx.xxx.32
WAN IP Address: xxx.xxx.xxx.219
Connection Type: Inbound > LAN
Action: Always Allow
Service: SSH
Source IP: Any
DNAT IP: xxx.xxx.xxx.32
WAN IP Address: xxx.xxx.xxx.219
I know that it is a bad idea to have SSH open on a public IP, but until I can get IPSEC VPN set up this is necessary. I'm not willing to start with the IPSEC setup until I can get the other rules to be stable.
One nightmare at a time, please.
Similar Messages
-
RV220W access rules (related to wireless deactivation)
I would like to find a workaround in order to have an "advanced SSID scheduler" to activate wireless connections at different times depending on the day. There currently is only one single setting available, which activates a wireless network at the same time every single day, 365 days/year... Even on weekends and during the holidays.
I actually managed to program an access rule to slightly modify this behaviour, but I can't manage to disable the signal completely, and connections are still active (on specific applications, at least), which is a real issue to me.
This is the access rule I have currently set:
Connection type: Outbound
Action: Block by schedule (using a different schedule than the one set on the basic wireless settings)
Service: Any
Source IP: Address range (all the devices I want to control with the rule)
Destination IP: Any
This rule works, but when the "off" time triggers, if a device was connected on facebook Messenger or on Skype, it will keep the connection and not lose it as expected. Actually, facebook Messenger will still accept incoming messages, but won’t send outgoing messages.
Of course, I’d like to make sure the wireless signal is completely blocked...
Any suggestion?Update - I managed to get the firewall to pass the HTTPS requests by changing the remote management port to 60443 and changing the NAT rule from ANY to HTTP and adding access policies for the other ports. The problem now is that the firewall is not always passing SSH traffic.
Intermittently the firewall accepts the SSH traffic intended to go to the xxx.xxx.xxx.219 on xxx.xxx.xxx.218.
NAT:
Private Range Begin: xxx.xxx.xxx.32
Public Range Begin: xxx.xxx.xxx.219
Range Length: 1 Service: HTTP
ACL:
Connection Type: Inbound > LAN
Action: Always Allow
Service: HTTPS
Source IP: Any
DNAT IP: xxx.xxx.xxx.32
WAN IP Address: xxx.xxx.xxx.219
Connection Type: Inbound > LAN
Action: Always Allow
Service: SSH
Source IP: Any
DNAT IP: xxx.xxx.xxx.32
WAN IP Address: xxx.xxx.xxx.219
I know that it is a bad idea to have SSH open on a public IP, but until I can get IPSEC VPN set up this is necessary. I'm not willing to start with the IPSEC setup until I can get the other rules to be stable.
One nightmare at a time, please. -
Applying new access rules fails.
Netware 6.5 SP6 BM 3.9
Ok, new problem. I am trying to add some new access rules to the list in a particular container. When I have defined the rule and click apply I get the following message - Unknown system error. This doesnt happen on the other container which already has rules defined in it. Are the rules from the higher level container being propogated down the tree as I assumed they would be ?
---treename 2 explicit deny rules for the whole company
------it This container to be exempt. cant add rule to allow all.
------helpdesk
------etc
Another aside seems to be that even though "Enforce Access Rules" is always on sometimes the rules do not work and sometimes they do.
Any help much appreciated.JeffSheehan,
It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com/ to search the knowledgebase and check the other support options available on that page under "Self Support" and "Support Programs".
- You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
RV220W - port redirection/access rules with multiple WAN IPs
I've just installed a Cisco RV220W - which works fine for outbound traffic, however for inbound it seems unable to work with multiple WAN IPs.
We have a block of 6 WAN IPs assigned to us by our ISP, and I want to make use of all of them to expose certain ports on our servers to the outside world.
I've tried to do this with Access Rules (using HTTP as an example) with the following settings:
Connection Type: Inbound (WAN (Internet) > LAN (Local Network))
Action: Always Allow
Service: HTTP
Source IP: Single Address
Start: <one of the WAN IPs>
Send to Local Server (DNAT IP): <IP of the internal server>
Use Other WAN (Internet) IP Address: disabled
Rule Status: Enabled
Yet the server/port remains inaccessible.
I've tried:
rebooting the server with a power off/on again
implementing the same settings in port forwarding
triple-checking all IP addresses being used
The only way I've got it working is by changing the access rule so that it applies to any source address rather than one specific one... however that's not a solution for us as we need to use specific IP addresses for specific internal servers/ports.
The router's admin interface certainly suggests this should be possible, however making use of it seems to break all incoming access!
Any suggestions welcome.You should be using "ANY" as the source IP, as you are publishing your internal server to the internet and internet means the request comes from any source IP (you don't know what it is, so it will be any.
Basically, you want any source IP to hit one of your WAN IPs on port 80, and then your firewall will redirect that request to the internal server's private IP address on same port 80. And when the response comes back from the internal server, the firewall will already have this translate entry in it so the reverse NAT will happen (you don't need configure this, it is default firewall feature).
I hope I have answered your question well.
Please mark as correct if you like the response.
Thanks -
Failed to update server firewall rules
Hi
I have a problem with the SQL firewall. Unfortunately, I can not add IP address. It always comes this error when saving: Failed to update server firewall rules
How can I change this? I need to change this setting so that I can work again. Unfortunately, I do not want to help the Support of Microsoft !!Hi,
To configure your firewall, you create firewall rules that specify ranges of acceptable IP addresses. You can create firewall rules at the
server and database levels.
Server-level firewall rules: These rules enable clients to access your entire Azure SQL Database server, that is, all the databases within the same logical server. These rules are stored in the
master database.
Database-level firewall rules: These rules enable clients to access individual databases within your Azure SQL Database server. These rules are created per database and are stored in the individual databases (including
master). These rules can be helpful in restricting access to certain (secure) databases within the same logical server.
For additional information check this below link
http://msdn.microsoft.com/en-us/library/azure/ee621782.aspx
http://social.technet.microsoft.com/wiki/contents/articles/2677.windows-azure-sql-database-firewall-en-us.aspx
http://social.msdn.microsoft.com/Forums/azure/en-US/ea128f00-8a94-4ace-88ff-d7095ff60c1a/cannot-change-firewall-setting-for-sql-azure-after-ip-change?forum=ssdsgetstarted
Girish Prajwal -
Inactive firewall access rule can still work?
Hi all,
I have a asa firewall which has a inactive access rule whose enabled checkbox is not checked. However it seem that this access rule can still work.
Hence i would like to know what is the difference in having the access rule's enabled checkbox check or uncheck. Pls advise, thks in advance.I'm assuming by rule you mean an inactive access-list entry? If so, did you try clearing the translations (clear xlate) after disabling it?
Try running packet-tracer to determine if that is the rule that the traffic is hitting. -
Firewall Access Rules do not work on One to One NAT (RV042G Router)
I have two unique IP addresses, two servers, and one RV042G router.
What I would like to do is have each IP address go to it's own respective server. To do that, I've set the settings on One-to-One NAT to make this happen. Now IP address 1 points to server A and IP address 2 points to server B.
However, I only want port 80 to be open to each server. I've tried setting the Firewall access rules to accommodate this but it doesn't appear to block anything. All ports on the servers are exposed despite the firewall rules.
Here's what I have in the router configuration:
Under One-to-One NAT:
{internal IP address 1} => {external IP address 1}
{internal IP address 2} => {external IP address 2}
Under Firewall Access Rules:
Action | Service | Source Interface | Source | Destination | Time
Allow | HTTP Secondary 80 | WAN1 | Any | {internal IP address 1} | Always
Deny | All Traffic | WAN1 | Any | Any | Always
Is there a proper way to accomplish what I want?Thanks for replying.
Turns out I had to add new access rules to specifically deny all traffic to the internal addresses, in addition to the rule allowing the specified ports through.
So, with the IP addresses still defined the same way in the One-to-One NAT section, I now have the following rules defined in the firewall section:
Under Firewall Access Rules:
Priority | Action | Service | Source Interface | Source | Destination | Time
[1] | Allow | HTTP Secondary 80 | ANY | Any | {internal IP address 1} | Always
[2] Deny | All Traffic | WAN1 | Any | { internal IP address 1 } | Always <== the new one I ended up adding
(default) | Deny | All Traffic | WAN1 | Any | Any | Always <== built in default rule in router
I originally did not add the second rule because I had assumed that the default deny rule would block all traffic to all internal IP addresses anyway. Perhaps someone can correct me if I'm wrong but I am now assuming that the default deny rule applies to the router only and not to any other defined One-to-One NAT entries. In which case, I had to add another rule that duplicates the default deny rule but for each 1:1 NAT entry.
If this was already in the manual, I probably missed it so that would be my own mistake. Still, I wish this was more apparent in the web GUI as it didn't really specify that I had to do this.
In any case, I hope my solution helps anyone else in the future having this similar issue. -
RV220W - Scheduled Access Rules
I have an RV220W managing my home/home office network. Since it is summer time and my kids have a lot of free time on their hands, I have established some Scheduled Access Rules to regulate their online activities. The rules are set up as scheduled blocks (my basic rule is allow all) and they were created using the schedule manager and the access rules wizard. For some reason that escapes me, the router engages the block just fine. But when the time rolls around to allow access (or I manually disable the rule), nothing changes on the network until I reboot the router. This routine gets old, fast. Am I doing something wrong?
Naresh,
I have read through all of the documentation (print and online) forwards and backwards. Let me reiterate what is happening:
I have an RV220W (latest firmware) attached to my Comcast Business Class cable modem.
The cable modem is in bridge mode.
My default Outbound Policy is ALLOW.
I have a set of BLOCK BY SCHEDULE rules for controlling access to Minecraft game servers (port 25565) at three different times a day. Using ALLOW BY SCHEDULE is pointless as the DEFAULT OUTBOUND POLICY overrides this.
If I disable one of the rules while it is active, it's deactivation does not take effect unless I reboot the RV220W. If the time schedule lapses, the block is still in force.
That is not the way it is supposed to work. -
ASA 5505, error in Access Rule
Hello.
Tha ASA 5505 is working, but I try to allow http and https from internet to a server running 2012 Essentials. The server has the internal IP 192.168.0.100. I have created an Object called SERVER with IP 192.168.0.100
The outside Interface is called ICE
I have configured NAT:
I have also configured Access Rules:
But when I test it With the Packet Tracer I get an error:
Whats wrong With the Access Rule?
I do prefer the ASDM :)
Best regards AndreasHello Jeevak.
This is the running config (Vlan 13 (Interface ICE) is the one in use:
domain-name DOMAIN.local
names
name 192.168.0.150 Server1 description SBS 2003 Server
name 192.168.10.10 IP_ICE
name x.x.x.0 outside-network
name x.x.x.7 IP_outside
name 192.168.0.100 SERVER description Hovedserver
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
interface Vlan2
description Direct Connect
backup interface Vlan13
nameif outside
security-level 0
pppoe client vpdn group PPPoE_DirectConnect
ip address pppoe
interface Vlan3
description Gjestenettet
nameif dmz
security-level 50
ip address 10.0.0.1 255.255.255.0
interface Vlan13
description Backupnett ICE
nameif ICE
security-level 0
ip address IP_ICE 255.255.255.0
interface Vlan23
description
nameif USER
security-level 50
ip address 10.1.1.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 13
interface Ethernet0/2
switchport access vlan 23
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
switchport access vlan 3
interface Ethernet0/7
switchport access vlan 3
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup dmz
dns server-group DefaultDNS
domain-name DOMAIN.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_access_in extended permit tcp any host IP_outside eq https
access-list outside_access_in extended permit tcp any host IP_outside eq www
access-list outside_access_in extended permit icmp any host IP_outside echo-reply
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list DOMAINVPN_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 192.168.0.192 255.255.255.192
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.0.192 255.255.255.192
access-list DOMAIN_VPN_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
access-list ICE_access_in extended permit tcp any host IP_ICE eq https
access-list ICE_access_in extended permit tcp any host IP_ICE eq www
access-list ICE_access_in extended permit icmp any host IP_ICE echo-reply
access-list ICE_access_in remark For RWW
access-list ICE_access_in remark For RWW
access-list USER_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm warnings
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu ICE 1500
mtu USER 1500
ip local pool VPNPool 192.168.10.210-192.168.10.225 mask 255.255.255.0
no failover
monitor-interface inside
monitor-interface outside
monitor-interface dmz
monitor-interface ICE
monitor-interface USER
icmp unreachable rate-limit 1 burst-size 1
icmp permit outside-network 255.255.255.0 outside
icmp permit 192.168.10.0 255.255.255.0 ICE
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (ICE) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 10.0.0.0 255.255.255.0
nat (USER) 1 10.1.1.0 255.255.255.0
static (inside,ICE) tcp interface www SERVER www netmask 255.255.255.255
static (inside,outside) tcp interface www SERVER www netmask 255.255.255.255
static (inside,ICE) tcp interface https SERVER https netmask 255.255.255.255
static (inside,outside) tcp interface https SERVER https netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group ICE_access_in in interface ICE
access-group USER_access_in in interface USER
route outside 0.0.0.0 0.0.0.0 x.x.x.1 1 track 123
route ICE 0.0.0.0 0.0.0.0 192.168.10.1 254
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 1
type echo protocol ipIcmpEcho x.x.x.1 interface outside
num-packets 3
frequency 10
sla monitor schedule 1 life forever start-time now
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
track 123 rtr 1 reachability
no vpn-addr-assign local
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
dhcpd address 10.0.0.10-10.0.0.39 dmz
dhcpd dns y.y.y.2 z.z.z.z interface dmz
dhcpd lease 6000 interface dmz
dhcpd enable dmz
dhcpd address 10.1.1.100-10.1.1.120 USER
dhcpd dns y.y.y.2 z.z.z.z interface USER
dhcpd lease 6000 interface USER
dhcpd domain USER interface USER
dhcpd enable USER
ntp server 64.0.0.2 source outside
group-policy DOMAIN_VPN internal
group-policy DOMAIN_VPN attributes
dns-server value 192.168.0.150
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DOMAIN_VPN_splitTunnelAcl
default-domain value DOMAIN.local
class-map inspection_default
match default-inspection-traffic
class-map imblock
match any
class-map P2P
match port tcp eq www
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map type inspect im impolicy
parameters
match protocol msn-im yahoo-im
drop-connection log
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect pptp
policy-map type inspect http P2P_HTTP
parameters
match request uri regex _default_gator
drop-connection log
match request uri regex _default_x-kazaa-network
drop-connection log
match request uri regex _default_msn-messenger
drop-connection log
match request uri regex _default_gnu-http-tunnel_arg
drop-connection log
policy-map IM_P2P
class imblock
inspect im impolicy
class P2P
inspect http P2P_HTTP
service-policy global_policy global
service-policy IM_P2P interface inside
prompt hostname context
: end
asdm image disk0:/asdm-524.bin
asdm location Server1 255.255.255.255 inside
asdm location IP_ICE 255.255.255.255 inside
asdm location outside-network 255.255.255.0 inside
asdm location SERVER 255.255.255.255 inside
no asdm history enable
What is wrong? Everything Works well except port forwarding.
Andreas -
High memory usage and error creating access rules
Hi guys
I'm having a problem with the memory and also trying to create some rules on the CISCO ASA. The version that I got installed was the 8.2.5.33 on a CISCO 5520 with 512 RAM, the memory usage is on 99% used, 1% free and because of that when I'm trying to create a new rule the firewall brings me the next error
So what I did was a downgrade to the version 8.2 (4) 4 and the memory went down a little (82% used, 18% free) but I still got the error when I'm creating an access rule on the device. One thing and I'm not sure if this could affect on the performance are the number of access list and the object groups that are created.
I already open a case with CISCO TAC and they are checking if the problem is with the memory capacity or maybe a memory leak.
Also the doubt that I got is with the memory that I got now available should I can create access rules or 82 is still to hig to create a rule or and object group?
RegardsHi,
Can you check what is the amount of ACEs you have on the ACLs in use?
I think if you use the command "show access-list " the first line should give you the total amount of ACEs in the ACL
- Jouni -
Error while accessing ESS Loan Request.
Hi Experts,
While accessing ESS Loan request for Country grouping 40 India am getting below mentioned error saying that 500 Internal Server Error.
I have maintained the settings for Leave request and maintained Infotype 45 Loans for employee.
But it is giving the below mentioned error.
500 Internal Server Error
SAP NetWeaver Application Server 7.00/Java AS 7.00
Failed to process request. Please contact your system administrator.
[Hide]
Error Summary
While processing the current request, an exception occured which could not be handled by the application or the framework.
If the information contained on this page doesn't help you to find and correct the cause of the problem, please contact your system administrator. To facilitate analysis of the problem, keep a copy of this error page. Hint: Most browsers allow to select all content, copy it and then paste it into an empty document (e.g. email or simple text file).
Root Cause
The initial exception that caused the request to fail, was:
com.sap.dictionary.runtime.DdException: Type com.sap.model.loan.types.Extdl does not exist
at com.sap.dictionary.types.mdi.util.ProviderUtil.createAbapTypeXmlMap(ProviderUtil.java:400)
at com.sap.dictionary.runtime.mdi.DataProvider.createSimpleTypeFromAbapType(DataProvider.java:596)
at com.sap.dictionary.runtime.mdi.DataProvider.getDataType(DataProvider.java:296)
at com.sap.dictionary.runtime.DdDictionary.getDataType(DdDictionary.java:94)
at com.sap.dictionary.runtime.DdBroker.getDataType(DdBroker.java:164)
... 74 more
See full exception chain for details.
System Environment
Client
Web Dynpro Client Type HTML Client
User agent Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)
Version null
DOM version null
Client Type msie8
Client Type Profile ie6
ActiveX enabled
Cookies enabled
Frames enabled
Java Applets enabled
JavaScript enabled
Tables enabled
VB Script enabled
Server
Web Dynpro Runtime Vendor: SAP, build ID: 7.0205.20100813133935.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:28:44[UTC], changelist=91834, host=pwdfm256), build date: Fri Feb 11 16:31:03 IST 2011
J2EE Engine 7.02 PatchLevel 91789.
Java VM Java HotSpot(TM) 64-Bit Server VM, version:1.4.2_28-b03, vendor: Sun Microsystems Inc.
Operating system Windows Server 2008 R2, version: 6.1, architecture: amd64
Session & Other
Session Locale en_US
Time of Failure Fri Feb 18 11:17:24 IST 2011 (Java Time: 1298008044828)
Web Dynpro Code Generation Infos
sap.com/pb
SapDictionaryGenerationCore 7.0205.20100813133727.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:18:36[UTC], changelist=91776, host=PWDFM256.wdf.sap.corp)
SapDictionaryGenerationTemplates 7.0205.20100813133727.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:18:40[UTC], changelist=91776, host=PWDFM256.wdf.sap.corp)
SapGenerationFrameworkCore 7.0205.20100813133737.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:08:53[UTC], changelist=91781, host=PWDFM256.wdf.sap.corp)
SapIdeWebDynproCheckLayer 7.0205.20100813133926.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:22:53[UTC], changelist=91832, host=PWDFM256.wdf.sap.corp)
SapMetamodelCommon 7.0205.20100813133815.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:09:28[UTC], changelist=91800, host=PWDFM256.wdf.sap.corp)
SapMetamodelCore 7.0205.20100813133815.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:09:25[UTC], changelist=91800, host=PWDFM256.wdf.sap.corp)
SapMetamodelDictionary 7.0205.20100813133729.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:16:20[UTC], changelist=91777, host=PWDFM256.wdf.sap.corp)
SapMetamodelWebDynpro 7.0205.20100813133929.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:20:37[UTC], changelist=91833, host=PWDFM256.wdf.sap.corp)
SapWebDynproGenerationCTemplates 7.0205.20100813133935.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:30:09[UTC], changelist=91834, host=pwdfm256)
SapWebDynproGenerationCore 7.0205.20100813133926.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:22:57[UTC], changelist=91832, host=PWDFM256.wdf.sap.corp)
SapWebDynproGenerationTemplates 7.0205.20100813133935.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:30:09[UTC], changelist=91834, host=pwdfm256)
Detailed Error Information
Detailed Exception Chain
com.sap.tc.webdynpro.services.exceptions.TypeNotFoundException: type com.sap.model.loan.types.Extdl could not be loaded: com.sap.dictionary.runtime.DdException: Type com.sap.model.loan.types.Extdl does not exist
at com.sap.tc.webdynpro.services.datatypes.core.DataTypeBroker.getSimpleType(DataTypeBroker.java:268)
at com.sap.tc.webdynpro.services.datatypes.core.DataTypeBroker.getDataType(DataTypeBroker.java:231)
at com.sap.tc.webdynpro.progmodel.context.DataAttributeInfo.init(DataAttributeInfo.java:318)
at com.sap.tc.webdynpro.progmodel.context.NodeInfo.initUnmappedAttributes(NodeInfo.java:687)
at com.sap.tc.webdynpro.progmodel.context.DataNodeInfo.doInit(DataNodeInfo.java:238)
at com.sap.tc.webdynpro.progmodel.context.NodeInfo.init(NodeInfo.java:671)
at com.sap.tc.webdynpro.progmodel.context.NodeInfo.init(NodeInfo.java:674)
at com.sap.tc.webdynpro.progmodel.context.Context.init(Context.java:40)
at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:199)
at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.createComponent(ClientComponent.java:940)
at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.createComponent(ClientComponent.java:177)
at com.sap.tc.webdynpro.progmodel.components.ComponentUsage.createComponentInternal(ComponentUsage.java:149)
at com.sap.tc.webdynpro.progmodel.components.ComponentUsage.createComponent(ComponentUsage.java:141)
at com.sap.pcuigp.xssfpm.wd.FPMComponent$ComponentUsageManager.createBLCComponentUsage(FPMComponent.java:761)
at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:920)
at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:891)
at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPMProxy.attachComponentToUsage(FPMComponent.java:1084)
at com.sap.ess.in.loan.overview.VcOverviewESS.onInit(VcOverviewESS.java:244)
at com.sap.ess.in.loan.overview.wdp.InternalVcOverviewESS.onInit(InternalVcOverviewESS.java:611)
at com.sap.ess.in.loan.overview.VcOverviewESSInterface.onInit(VcOverviewESSInterface.java:162)
at com.sap.ess.in.loan.overview.wdp.InternalVcOverviewESSInterface.onInit(InternalVcOverviewESSInterface.java:144)
at com.sap.ess.in.loan.overview.wdp.InternalVcOverviewESSInterface$External.onInit(InternalVcOverviewESSInterface.java:220)
at com.sap.pcuigp.xssfpm.wd.FPMComponent.doProcessEvent(FPMComponent.java:564)
at com.sap.pcuigp.xssfpm.wd.FPMComponent.doEventLoop(FPMComponent.java:438)
at com.sap.pcuigp.xssfpm.wd.FPMComponent.wdDoInit(FPMComponent.java:196)
at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdDoInit(InternalFPMComponent.java:110)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:783)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:303)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:761)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:696)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:876)
at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.create(AbstractApplicationProxy.java:222)
at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1355)
at com.sap.portal.pb.PageBuilder.createPage(PageBuilder.java:357)
at com.sap.portal.pb.PageBuilder.init(PageBuilder.java:551)
at com.sap.portal.pb.PageBuilder.wdDoRefresh(PageBuilder.java:597)
at com.sap.portal.pb.PageBuilder$1.doPhase(PageBuilder.java:870)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:755)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doPortalDispatch(WindowPhaseModel.java:717)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:136)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:333)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:712)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by: com.sap.dictionary.runtime.DdException: Type com.sap.model.loan.types.Extdl does not exist
at com.sap.dictionary.types.mdi.util.ProviderUtil.createAbapTypeXmlMap(ProviderUtil.java:400)
at com.sap.dictionary.runtime.mdi.DataProvider.createSimpleTypeFromAbapType(DataProvider.java:596)
at com.sap.dictionary.runtime.mdi.DataProvider.getDataType(DataProvider.java:296)
at com.sap.dictionary.runtime.DdDictionary.getDataType(DdDictionary.java:94)
at com.sap.dictionary.runtime.DdBroker.getDataType(DdBroker.java:164)
at com.sap.dictionary.runtime.DdBroker.getSimpleType(DdBroker.java:170)
at com.sap.tc.webdynpro.services.datatypes.core.DataTypeBroker.getSimpleType(DataTypeBroker.java:260)
... 72 more
Please suggest me the solution for this.
Regards,
Ksanj.Please check that the ESS/ERP packages fit together according to
the page
https://wiki.sdn.sap.com/wiki/display/ERPHCM/HOWTOGETRIDOFSPSTACK+
MISMATCH+ISSUES
Please check again the componentinfo and the SPlevels of the testlandsca
pe, that the same level is used on the prod landscape.
So ensure you are on correct levels! -
Hi All,
I’m having a hard time figuring out how to make Rest WebService calls.
I tried executing this directly through browser and I get an error.
http:localhost:8080/rest/bean/atg/userprofiling/ProfileServices/loginUser?arg1=[email protected]&arg2=Password
13:18:20,613 ERROR [RestSecurityServlet] Error code: 401
Access to the requested resource is not allowed: /atg/userprofiling/ProfileServices
atg.rest.RestException: Access to the requested resource is not allowed: /atg/userprofiling/ProfileServices
at atg.rest.processor.RestSecurityProcessor.checkAccess(RestSecurityProcessor.java:546)
at atg.rest.processor.RestSecurityProcessor.handleGetRequest(RestSecurityProcessor.java:313)
at atg.rest.processor.RestSecurityProcessor.doRESTGet(RestSecurityProcessor.java:199)
at atg.rest.servlet.RestPipelineServlet.serviceRESTRequest(RestPipelineServlet.java:417)
at atg.rest.servlet.RestPipelineServlet.service(RestPipelineServlet.java:260)
at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)
at atg.servlet.pipeline.PipelineableServletImpl.service(PipelineableServletImpl.java:320)
at atg.rest.servlet.RestPipelineServlet.service(RestPipelineServlet.java:264)
at atg.rest.servlet.HeadRestServlet.service(HeadRestServlet.java:130)
at atg.servlet.pipeline.PipelineableServletImpl.service(PipelineableServletImpl.java:267)
From the documentation I understand that I need to create a session, is the session only necessary to access secured components since this
particular method “ProfileServices.loginUser “ has been declared as not secure in restSecurityConfiguration.xml
Also, are there two different ways in which I can log in
1. Using RestSession.createSession providing the username and password.
2. Or using ProfileServices.loginUser or ProfileFormHandler
Can someone please clarifyIf you are invoking the REST web-service from a Java client then you can create a RestSession object using the createSession method. But in your case you seem to be invoking it with a HTTP request which by default would be treated as a GET request by ATG's REST implementation. Therefore being a GET, it would try to fetch a property "loginUser" from /atg/userprofiling/ProfileServices component (based on your URL) which would always fail.
To invoke loginUser() method of ProfileServices with your passed argument you need to tell ATG's REST system to treat your incoming request not as GET but as a POST request which you can do using atg-rest-http-method control parameter in your request like this
http:localhost:8080/rest/bean/atg/userprofiling/ProfileServices/loginUser?arg1=[email protected]&arg2=Password&atg-rest-http-method=POST
It should work this way provided your restSecurityConfiguration.xml is proper. -
Cluster Setup Support Rules fails with Warnings
Hi,
I'm in the process of installing our ECC production server in a clustered environment on windows server 2008 with SQL server 2008 as our database.
The MSCS cluster at the OS level has been configured successfully. When I start the SQL server installation as mentioned in the installation guide, the Setup Support Rules fails with following warnings.
1. The setup support file prompts me to set the MSDTC service as a clustered one but it was not mentioned anywhere in the installation guide that the MSDTC service needs to be clustered. Do I need to cluster that service with seperate network ip address and cluster group ?
2. The Network binding order issues a warning even though the adapters are set up in the right order as mentioned in the installation guide.
3. Eventhough there is a internet connectivity available in the server, the "Microsoft .Net Application Security" check issues a warning.
NB: As per the cluster validation report, the clustering at the OS level seems to be fine.
Please provide me your valuable suggestions to rectify these warnings. Can I ignore these warnings and proceed with the installation of SQL Server ?
Regards,
Varadharajan MHi,
Microsoft Distributed Transaction Coordinator
Is is user by older versions of Mssql database.
From a SAP perspective you don't need this service.
You can ignore setup request for this service.
As per the reply, I understand that the MSDTC service is not mandatory to cluster in Windows Server 2008/MS SQL Server 2008. But when i try to install the SQL DB, the Set support rule ends up with warnings saying that the MSDTC service should be clustered. Can I ignore the warnings and proceed with the installation. Can anyone confirm this please ?
Also please confirm whether we need to have the db cluster group in the DNS before initiating the SQL Server Set up.
Regards,
Varadharajan M -
Good Day To All,
We recently purchased a RV082 Firewall Router and I am having the headache of a lifetime with the access rules and port forwarding. I have read EVERY post possible and still cannot come to a conclusion of what I am doing wrong...
First Question is the MAIL SERVER.. I could not get our email server to talk when setting this device to DMZ so for the time being I put it on LAN2 and attempted to set up an access rule Port 25 to the IP of the mail server. NO GO.. I had to port forward or it would not work.
Now I want to deny access on port 25 over WAN1 201.X.X.108 but allow access over port 25 on WAN2 201.X.X.109 and this is where it's a NO GO. It doesnt matter what order I put the rules in, its still a no go. Furthermore if I take out the port forward 25 and put in the rules to allow ANY source to reach 25 on the mail server it ALSO does not work...
This is what I have now and I can still access the email server on EITHER WAN address. I have tried to specifically DENY WAN1 but still no luck.
FORWARD:
PORT 25 to 192.168.0.221 is ENABLED
ACCESS RULES: (in this order)
ACTION: ALLOW
SERVICE: SMTP:25
SOURCE INTERFACE: WAN2
SOURCE: ANY
DESTINATION: 192.168.0.221
TIME: ALWAYS
ACTION: ALLOW
SERVICE: SMTP:25
SOURCE INTERFACE: LAN
SOURCE: 192.168.0.221
DESTINATION: ANY
TIME: ALWAYS
ACTION: DENY
SERVICE: SMTP:25
SOURCE INTERFACE: ANY
SOURCE: ANY
DESTINATION: ANY
TIME: ALWAYS
Now Second Question is pretty much the same but with SSH on port 22. I did this as a test and enabled SSH to the mail server.
FORWARD:
NOTHING SET
ACTION: ALLOW
SERVICE: SSH:22
SOURCE INTERFACE: ANY
SOURCE: ANY
DESTINATION: 192.168.0.221
TIME: ALWAYS
Why would this not work? The ONLY was I can get an SSH:22 to work is if I port forward it and then the access rule when set to DENY ALL it still allows it on both WAN1 and WAN2...
CONFUSED!
HELP!
PLEASE!
The Screen shot was my last attempt at making SSH work...Esentially what I am trying to accomplish is to NOT have the port forward set. But in every case so far it seems as if the access rules DO NOT WORK at all.
Even if I set SSH:22 to port forward and set a firewall rule to DENY ANY ANY ANY to ANY I can still SSH to the box -
My Router Access Rule is getting deleted
Hello,
I set up an xbox360 with a static IP address on my home network. My firewall is set to maximum and I need to set up some access rules for xbox live. This was not difficult but what I've found is that after a few days the access rule is suddenly absent from the list (but the port forwarding rule remains). why is this occurring? This is an Actiontec router from Verizon.
ThanksMake sure to change the control password of the router, if you have not already.
Look in the router in Advanced, for that setting.
If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.
Maybe you are looking for
-
Hi all, the log of the BI_PROCESS_TRIGGER looks like - Job started - Step 001 started - Status F hal already been reported to instance.... - Job finished In the log of the Processchain in the rspc there is no log for this job. What tells me 'Status F
-
Classes may only be defined in external ActionScript 2.0 class scripts.
i try to use the BitmapExporter 2.2. i inserted the .as file into the first frame in my fla but when i try to test movie i get "Classes may only be defined in external ActionScript 2.0 class scripts." since i am not expert in extensions - what did i
-
Trouble with connecting with wi fi and cellular
my I-Pad says it cannot connect to the server when in wi fi or cellular although my husband's i-pad is working in both
-
How do I delete just a portion of my Sent folder?
e.g. just the 50 oldest items
-
When I go into Cover Flow and select a song in a Greatest Hits Album, it show's all the songs from that Artist and all the other Artist's with Greatest Hits. I don't want to change the name of the CD and have to find and then paste the Album Art beca